Total
7679 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-9336 | 1 Itwitter Project | 1 Itwitter | 2025-04-12 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the iTwitter plugin 0.04 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) itex_t_twitter_username or (2) itex_t_twitter_userpass parameter in the iTwitter.php page to wp-admin/options-general.php. | |||||
CVE-2016-1228 | 2 Ntt-east, Ntt-west | 12 Pr-400mi, Pr-400mi Firmware, Rt-400mi and 9 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allows remote attackers to hijack the authentication of arbitrary users. | |||||
CVE-2015-0905 | 1 Bblog Project | 1 Bblog | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in bBlog allows remote attackers to hijack the authentication of arbitrary users. | |||||
CVE-2014-6214 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
CVE-2016-1168 | 1 Aterm | 2 Wf800hp, Wf800hp Firmware | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users. | |||||
CVE-2014-3896 | 1 Seeds | 1 Acmailer | 2025-04-12 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting authorization. | |||||
CVE-2015-2089 | 1 Crossslide Jquery Project | 1 Crossslide Jquery | 2025-04-12 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) csj_width, (3) csj_height, (4) csj_sleep, (5) csj_fade, or (6) upload_image parameter in the thisismyurl_csj.php page to wp-admin/options-general.php. | |||||
CVE-2012-1203 | 1 Syndeocms | 1 Syndeocms | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts via a save_user action. | |||||
CVE-2015-2770 | 1 Websense | 1 V-series Appliances | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the command line page in Websense TRITON V-Series appliances before 8.0.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2014-4333 | 1 Boonex | 1 Dolphin | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810. | |||||
CVE-2015-4252 | 1 Cisco | 1 Telepresence Isdn Gw 3241 | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ISDN Gateway devices with software 2.2(1.106) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90724. | |||||
CVE-2015-3354 | 1 Wishlist Project | 1 Wishlist | 2025-04-12 | 5.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete wishlist purchase intentions via unspecified vectors. | |||||
CVE-2013-4726 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2015-6378 | 1 Cisco | 1 Dpq3925 8x4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943. | |||||
CVE-2015-4108 | 1 Wftpserver | 1 Wing Ftp Server | 2025-04-12 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code via a crafted request to admin_lua_script.html or (2) add a domain administrator via a crafted request to admin_addadmin.html. | |||||
CVE-2014-10027 | 1 Dlink | 2 Dap-1360, Dap-1360 Firmware | 2025-04-12 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi. | |||||
CVE-2016-1151 | 1 Cybozu | 1 Office | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. | |||||
CVE-2015-5351 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. | |||||
CVE-2015-3946 | 1 Advantech | 1 Webaccess | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2015-7364 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-12 | 6.8 MEDIUM | N/A |
The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token. |